Vulnerability Assessment Tools

NetSPI consultants dedicate time and resources to develop open-sourced tool sets that strengthen the infosec community.

Want to see more of our open source projects? Check out our GitHub repositories.




PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server.


Inveigh is a PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to a Windows system.


MicroBurst includes functions and scripts that support Azure Services discovery, weak configuration auditing, and post exploitation actions such as credential dumping. It is intended to be used during penetration tests where Azure is in use.

NetSPI SQL Injection Wiki

This wiki’s mission is to be a one-stop resource for fully identifying, exploiting, and escalating SQL injection vulnerabilities across various Database Management Systems.

Read about the SQL Injection Wiki on our blog
Learn more on our SQL Injection Wiki


PowerShell module to check if a Windows binary (EXE/DLL) has been compiled with ASLR, DEP, SafeSEH, StrongNaming, and Authenticode.

Burp Extractor

Burp Extractor is intended to be used as a one-size-fits-all tool for extracting data from HTTP responses to be reused in HTTP requests. This can be items such as CSRF tokens, Auth Bearer tokens, timestamps, etc. The extension uses regex to extract needed data from responses, and will insert extracted data into any HTTP request sent through Burp which matches a second regex.

JSON Beautifier

This is a Burp Extension for beautifying JSON output. There exists a Python version in the BApp Store at the moment. After some difficulties with Jython I opted to port it to Java.

AWS Signer

This is a Burp Extension for AWS Signing.


This is a Burp Extension for parsing WSDLs.


This is a tool for altering Windows tokens.

WheresMyImplant: A C# Bring-Your-Own-Land toolkit

WheresMyImplant contains the tooling necessary to gain and maintain access to a target system. It can also be installed as a WMI provider for covert long-term persistence.


SQLC2 is a PowerShell script for deploying and managing a command and control system that uses SQL Server as both the control server and the agent. At its core, SQLC2 is just a PowerShell script, a TSQL script, and a few tables in an SQL Server instance that tracks agents, commands, and results. Nothing too fancy, but it may prove to be useful on some engagements.

goddi (Go Dump Domain Info)

These tools are a great starting point for gaining insight into an Active Directory environment.

Read about the goddi tool on our blog. 
Learn more on our GitHub page.


JavaSerialKiller

Burp extension to perform Java Deserialization Attacks using the ysoserial payload generator.

Read about JavaSerialKiller on our blog
Download JavaSerialKiller from GitHub


WebLogicPasswordDecryptor

PowerShell module and Java code to decrypt WebLogic passwords.

Read about WebLogicPasswordDecryptor on our blog
Download WebLogicPasswordDecryptor from GitHub
